lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Sun, 23 Jan 2022 17:41:01 -0500 From: Alexander Aring <alex.aring@...il.com> To: Miquel Raynal <miquel.raynal@...tlin.com> Cc: Stefan Schmidt <stefan@...enfreihafen.org>, linux-wpan - ML <linux-wpan@...r.kernel.org>, "David S. Miller" <davem@...emloft.net>, Jakub Kicinski <kuba@...nel.org>, "open list:NETWORKING [GENERAL]" <netdev@...r.kernel.org>, Xue Liu <liuxuenetmail@...il.com>, Marcel Holtmann <marcel@...tmann.org>, Harry Morris <harrymorris12@...il.com>, David Girault <david.girault@...vo.com>, Romuald Despres <romuald.despres@...vo.com>, Frederic Blain <frederic.blain@...vo.com>, Nicolas Schodet <nico@...fr.eu.org>, Thomas Petazzoni <thomas.petazzoni@...tlin.com> Subject: Re: [wpan-next v2 4/9] net: ieee802154: at86rf230: Stop leaking skb's Hi, On Sun, 23 Jan 2022 at 15:43, Alexander Aring <alex.aring@...il.com> wrote: > > Hi, > > On Thu, 20 Jan 2022 at 06:21, Miquel Raynal <miquel.raynal@...tlin.com> wrote: > > > > Upon error the ieee802154_xmit_complete() helper is not called. Only > > ieee802154_wake_queue() is called manually. We then leak the skb > > structure. > > > > Free the skb structure upon error before returning. > > > > There is no Fixes tag applying here, many changes have been made on this > > area and the issue kind of always existed. > > > > Signed-off-by: Miquel Raynal <miquel.raynal@...tlin.com> > > --- > > drivers/net/ieee802154/at86rf230.c | 1 + > > 1 file changed, 1 insertion(+) > > > > diff --git a/drivers/net/ieee802154/at86rf230.c b/drivers/net/ieee802154/at86rf230.c > > index 7d67f41387f5..0746150f78cf 100644 > > --- a/drivers/net/ieee802154/at86rf230.c > > +++ b/drivers/net/ieee802154/at86rf230.c > > @@ -344,6 +344,7 @@ at86rf230_async_error_recover_complete(void *context) > > kfree(ctx); > > > > ieee802154_wake_queue(lp->hw); > > + dev_kfree_skb_any(lp->tx_skb); > > as I said in other mails there is more broken, we need a: > > if (lp->is_tx) { > ieee802154_wake_queue(lp->hw); > dev_kfree_skb_any(lp->tx_skb); > lp->is_tx = 0; > } > > in at86rf230_async_error_recover(). > s/at86rf230_async_error_recover/at86rf230_async_error_recover_complete/ move the is_tx = 0 out of at86rf230_async_error_recover(). - Alex
Powered by blists - more mailing lists